CN108199869A - Wireless MAN for the education sector and its security management system - Google Patents
- Publication number: CN108199869A
- Application number: CN201711426252.0A
- Authority: CN (China)
- Prior art keywords: wireless, module, user, account, management system
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L41/0843—Configuration by using pre-existing information, e.g. using templates or copying from other elements based on generic templates
- H04L12/2852—Metropolitan area networks
- H04L41/082—Configuration setting characterised by the conditions triggering a change of settings the condition being updates or upgrades of network functionality
- H04L41/0886—Fully automatic configuration
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
- H04L63/108—Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
- H04L63/18—Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
- H04L9/3215—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a plurality of channels
Abstract
The present invention relates to the technical field of wireless metropolitan area networks (MAN), and more particularly to a wireless MAN for the education sector and its security management system. The wireless MAN is formed by an H3C 7506E wireless core switch fitted with two wireless controller (AC) cards; the wireless controller AC is expanded with 256 wireless AP licenses. The security management system includes an identity authentication module, a behavior management module, a bastion host module, a logging module and an online monitoring module. By providing behavior management, the invention controls and manages how Internet users use the internet. This includes web page access filtering, network application control, bandwidth and traffic management, auditing of sent and received information, and user behavior analysis. Transparent deployment in the network is recommended. By providing the bastion host module, 4A internal control and management is applied to internal administrators and third-party maintenance personnel.
Description
Technical field
The present invention relates to the technical field of wireless metropolitan area networks (MAN), and more particularly to a wireless MAN for the education sector and its security management system.
Background
A wireless metropolitan area network (WMAN) is a locally distributed wireless network that transmits information between distribution nodes geographically covering a city and its suburbs. It can provide access for multiple services such as voice, data, image, multimedia and IP. Its typical coverage range is 3~5 km, a point-to-point link can cover up to tens of kilometres, and it can support QoS and shared access with a certain range of mobility. Technologies such as MMDS, LMDS and WiMAX fall within the MAN category. Enterprise-class WLAN technology in the industry has currently developed into two mainstream networking approaches, FAT AP and FIT AP (the fat AP and thin AP schemes).
FAT AP is the traditional WLAN networking scheme, in which the AP itself takes on complex functions such as authentication termination, roaming handover and dynamic key generation. Because the AP's functions are comparatively heavy, it is called a FAT AP. Huawei 3Com offers four full-series 11a/b/g AP models in total, indoor and outdoor, including the WA1208E, for FAT AP networking.
FIT AP is an emerging WLAN networking model. Compared with the FAT AP scheme it adds a Wireless Switch as the central, centralized control and management device. The complex service functions originally carried on the FAT AP itself, such as authentication termination, roaming handover and dynamic keys, are moved to the Wireless Switch. The AP and the Wireless Switch communicate through a tunnel and can be connected across L2 and L3 networks or even a wide area network, which reduces the burden on each single AP and improves the efficiency of the whole network. Because the FIT AP scheme is centrally managed, richer service functions can also be added very easily by upgrading the software version of the Wireless Switch.
Huawei 3Com currently provides a FIT AP solution consisting of Wireless Switch (WX5002/WX4400/WX1200) + FIT AP (WA2110-AG/AP2750/AP3750) + professional wireless network management (Quidview/WXM) + CAMS. All APs are installed with zero configuration and, in addition to transmitting data, can monitor the radio-frequency environment of the whole network and detect rogue APs and illegitimate clients.
Education informatization is an important current trend, and the wireless MAN is part of the infrastructure of educational institutions such as schools and school districts. A wireless network has therefore been built that basically covers the main teaching locations of all educational units in a region. At the same time, the wireless network must provide secure access, real-name authentication and linkage with internet behavior management equipment, so a wireless MAN and security management system that meet these technical requirements are very necessary.
Summary of the invention
This application provides a wireless MAN for the education sector and its security management system, to solve the problem in the prior art that the networked environment of the education system is not secure enough.
To this end, the present invention provides the following technical solutions. A wireless MAN for the education sector, the wireless MAN comprising a wireless controller AC and multiple wireless APs; the wireless APs are all configured and managed centrally by the wireless controller AC; characterized in that: the wireless MAN is formed by an H3C 7506E wireless core switch fitted with two wireless controller AC cards; the wireless controller AC is expanded with 256 wireless AP licenses.
Further, the wireless APs are powered remotely over PoE by a PoE switch, or local power supply is selected.
A security management system for the education sector, the security management system comprising an identity authentication module, a behavior management module, a bastion host module, a logging module and an online monitoring module; the output of the identity authentication module is electrically connected respectively to the input of the behavior management module, the logging module and the bastion host module;
the output of the behavior management module is electrically connected respectively to the bastion host module and the online monitoring module;
the logging module is electrically connected to the online monitoring module.
Further, the online monitoring module is provided with an online user monitoring subsystem, an online status monitoring subsystem, a firewall, an IDS, an information security audit system, a forced-offline system and an information publishing system; the online user monitoring subsystem is electrically connected respectively to the online status monitoring subsystem, the firewall, the information security audit system and the firewall; the firewall is electrically connected to the IDS; the information security audit system is electrically connected to the forced-offline system; the forced-offline system is electrically connected to the information publishing system.
Further, the workflow of the identity authentication module is:
The user opens a web address, and the authentication device automatically redirects the connection to the home page on the Portal Server;
The user enters a mobile phone number on the home page and clicks the "obtain internet account" button;
The Portal Server automatically writes an account and a random password to the database, and the back-end system automatically starts counting the account's validity period;
After the write is confirmed successful, the Portal Server calls the SMS interface to pass the internet account and password to the SMS interface module (SMS gateway);
The user's mobile phone receives the internet account and password sent by the SMS gateway;
The user goes online from a WLAN terminal such as a laptop or mobile phone, and the authentication device automatically redirects to the login page of the Portal Server;
The user enters the account and password and clicks log in;
The Portal Server checks the account and password entered by the user against the account in the database;
The Portal Server sends the check result to the authentication device;
After the check succeeds, the user accesses the internet directly;
After the validity period ends, the account is automatically taken offline.
Further, the content recorded by the logging module includes: account name, login and access time, current number of online users, total usage time, destination website address visited, destination IP, source IP, MAC address, GET/POST behavior, user operating system identifier, switch tag, floor tag.
Further, the online status monitored by the online status monitoring subsystem includes: daily and monthly online duration, daily and monthly upstream and downstream traffic, number of packets sent and received, number of TCP connections, source IP, source MAC.
The technical solution provided by this application has the following beneficial effects:
1. The user only needs to create service parameter templates and device parameter templates and set the designated APs to reference these templates. When a FIT AP starts, the wireless controller pushes configuration to it according to the pre-configured reference information, so the user's configuration workload is greatly reduced.
2. The user's management of FIT APs is proxied through the wireless controller. The network management system no longer needs to care about the IP addresses of FIT APs, and the association between a FIT AP and the wireless controller is completed automatically, with no configuration intervention by the user on the AP.
3. The FIT AP encapsulates the data packets of wireless users in the data tunnel between AP and AC, so the edge network that the AP connects to no longer needs changes to configuration such as VLANs and ACLs for the access of wireless users.
4. The wireless controller stores the running status of the FIT APs it manages and the statistics of online users, so maintenance personnel only need to log on to the designated wireless controller to view this information. Because the user's management of FIT APs is proxied through the wireless controller, changing service policy settings and security policy settings online no longer requires logging on to the AP devices one by one; it is only necessary to log on to the designated wireless controller to complete the settings, and the wireless controller automatically pushes the new configuration to the designated FIT APs.
5. The user no longer needs to upgrade the software of AP devices manually one by one. On each restart the AP automatically compares its currently running version with the version stored on the wireless controller, and if the version stored on the wireless controller is newer, the FIT AP automatically updates its local software.
6. The AP no longer stores configuration information locally, so the loss of a device does not create a security risk through loss of configuration.
7. Security hardening is carried out by providing the security management system, which safeguards the online environment of the education system.
8. By providing behavior management, the use of the internet by Internet users is controlled and managed. This includes web page access filtering, network application control, bandwidth and traffic management, auditing of sent and received information, and user behavior analysis. Transparent deployment in the network is recommended.
9. By providing the bastion host module, 4A internal control and management is applied to internal administrators and third-party maintenance personnel.
Brief description of the drawings
To illustrate the technical solution of this application more clearly, the drawings needed in the embodiments are briefly introduced below. Obviously, a person of ordinary skill in the art can obtain other drawings from these drawings without creative effort.
Fig. 1 is a schematic diagram of the module structure of a security management system for the education sector provided by an embodiment of this application.
Fig. 2 is a structural diagram of the online monitoring module in a security management system for the education sector provided by an embodiment of this application.
Fig. 3 is a data flow diagram of a security management system for the education sector provided by an embodiment of this application.
Fig. 4 is a schematic diagram of the identity authentication flow for going online in a security management system for the education sector provided by an embodiment of this application.
Fig. 5 is schematic diagram one of the monitoring data of the online status monitoring subsystem of a security management system for the education sector provided by an embodiment of this application.
Fig. 6 is schematic diagram two of the monitoring data of the online status monitoring subsystem of a security management system for the education sector provided by an embodiment of this application.
Fig. 7 is schematic diagram three of the monitoring data of the online status monitoring subsystem of a security management system for the education sector provided by an embodiment of this application.
Fig. 8 is schematic diagram four of the monitoring data of the online status monitoring subsystem of a security management system for the education sector provided by an embodiment of this application.
Fig. 9 is a schematic diagram of in-room AP installation in a school classroom for a wireless MAN for the education sector provided by an embodiment of this application.
Fig. 10 is a schematic diagram of in-room AP installation in a school corridor for a wireless MAN for the education sector provided by an embodiment of this application.
Detailed description of embodiments
The drawings herein are incorporated into and form part of this specification; they show embodiments consistent with this application and, together with the specification, serve to explain its principles.
To illustrate the technical solutions in the embodiments of this application or in the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, a person of ordinary skill in the art can obtain other drawings from these drawings without creative effort.
Embodiment one
A security management system for the education sector, as shown in Fig. 1, characterized in that: the security management system comprises an identity authentication module, a behavior management module, a bastion host module, a logging module and an online monitoring module; the output of the identity authentication module is electrically connected respectively to the input of the behavior management module, the logging module and the bastion host module;
the output of the behavior management module is electrically connected respectively to the bastion host module and the online monitoring module;
the logging module is electrically connected to the online monitoring module.
As a major improvement of the technical solution of this embodiment, the bastion host system is NSFOCUS OSMS (NH3) V5.6. It is mainly used to apply 4A internal control and management to internal administrators and third-party maintenance personnel.
As a major improvement of the technical solution of this embodiment, the behavior management module is the Sangfor internet behavior management module AC-10000. It controls and manages how Internet users use the internet. This includes web page access filtering, network application control, bandwidth and traffic management, auditing of sent and received information, and user behavior analysis. Transparent deployment in the network is recommended.
The authentication device is interfaced with the Sangfor AC-10000 behavior audit device. The authentication device can record the account, MAC, IP and URL of a client's internet access and pushes the account information to the behavior audit device, which performs behavior auditing based on the authenticated account. Information such as account, URL and internet content can be queried in the back end of the behavior audit device, which makes later investigation easier: entering an account is enough to query the internet access information of the associated user.
Specifically, Fig. 3 shows the data flow of the security management system.
1. Wireless controller: the wireless controller and the APs are the basic components with which the wireless network forwards data. In the controller-plus-AP network architecture, all intelligent processing for radio-frequency management, network security management and so on is concentrated on the controller, and the AP only sends and receives air-interface data. In actual operation, each controller manages a certain number of APs and establishes a secure encrypted tunnel with each AP. After user data reaches the AP over the wireless medium, the AP encapsulates the data into the tunnel and transmits it to the controller. The controller decapsulates the data and processes it according to the management policies set by the administrator, such as security and QoS.
2. Identity authentication: wireless access authentication is provided for school staff, students and visitors. Different user groups are given different authentication methods and access rights, and logs are generated and pushed to the behavior management audit device.
3. Behavior management: the internet behavior of all users in the network is supervised and, through linkage with the authentication system, the authenticated account is matched to the IP managed by the audit system and shown as the user name in the audit system.
For the Bureau of Education's wireless network, one or more SSIDs (internal, visitor) are provided and, together with the original wired network, unified identity authentication for wired and wireless access is realized. A unified identity authentication platform is built so that later integration with systems such as the digital campus is easier.
SMS gateway authentication is provided for guest users so that visitors can access the wireless network (visitor). They can obtain an authentication account and password quickly and conveniently by mobile phone, which realizes real-name authentication.
Personalized Portal authentication pages are available, in Chinese and English, and different terminals such as intelligent terminals and ordinary PCs can be distinguished and served pages that meet their individual requirements; an overall Yongjia Bureau of Education authentication portal image is provided.
A user interface with good human-computer interaction lets administrators carry out the relevant configuration according to different requirements, and supports administrators managing, querying and compiling statistics on the unified identity authentication platform through a web browser or an intelligent terminal operating system.
Considering the Bureau of Education wireless network's need for personalized Portal authentication pages, the wireless authentication device provides AC Portal software based on the operator Portal 2.0 protocol:
A: The wireless controller side uses the standard Portal 2.0 protocol, and the web authentication page points to the AC Portal server of the authentication device. AC Portal serves different authentication pages according to the information pushed by the wireless controller (IP, VLAN, SSID, terminal type).
B: The wireless controller interfaces with the authentication device gateway using the RADIUS protocol, realizing unified identity authentication and SMS gateway authentication.
As a major improvement of the technical solution of this embodiment, as shown in Fig. 4, the workflow of the identity authentication module is:
The user opens a web address, and the authentication device automatically redirects the connection to the home page on the Portal Server;
The user enters a mobile phone number on the home page and clicks the "obtain internet account" button;
The Portal Server automatically writes an account and a random password to the database, and the back-end system automatically starts counting the account's validity period;
After the write is confirmed successful, the Portal Server calls the SMS interface to pass the internet account and password to the SMS interface module (SMS gateway);
The user's mobile phone receives the internet account and password sent by the SMS gateway;
The user goes online from a WLAN terminal such as a laptop or mobile phone, and the authentication device automatically redirects to the login page of the Portal Server;
The user enters the account and password and clicks log in;
The Portal Server checks the account and password entered by the user against the account in the database;
The Portal Server sends the check result to the authentication device;
After the check succeeds, the user accesses the internet directly;
After the validity period ends, the account is automatically taken offline.
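The Portal Server side of this SMS guest-account workflow (the same steps are listed in the summary of the invention) can be sketched as follows. This is an added example, not code from the patent: the class and function names, the use of the phone number as the account name, the 11-digit number format, the 8-digit password and the 4-hour validity period are assumptions, and the sketch stores a salted PBKDF2 hash instead of the plaintext password.

```python
import hashlib
import hmac
import secrets
import time

ACCOUNT_TTL_SECONDS = 4 * 3600  # assumed validity period; the patent gives no value
PASSWORD_DIGITS = 8             # assumed length of the random password
PBKDF2_ROUNDS = 100_000


class GuestAccountStore:
    """In-memory stand-in for the Portal Server's account database (hypothetical)."""

    def __init__(self, send_sms, now=time.time):
        self._send_sms = send_sms  # callable(phone, text): stand-in for the SMS gateway
        self._now = now
        self._accounts = {}        # phone -> (salt, password_hash, expires_at)

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

    def issue(self, phone):
        """Create the account, start its validity period, then send the SMS."""
        if not (phone.isdigit() and len(phone) == 11):  # assumed number format
            raise ValueError("invalid mobile number")
        # Random password from the OS CSPRNG, never from random.random().
        password = "".join(secrets.choice("0123456789") for _ in range(PASSWORD_DIGITS))
        salt = secrets.token_bytes(16)
        expires_at = self._now() + ACCOUNT_TTL_SECONDS
        # Write to the database first; the SMS is sent only after the write succeeds.
        self._accounts[phone] = (salt, self._hash(password, salt), expires_at)
        self._send_sms(phone, f"Account: {phone} Password: {password}")
        return expires_at

    def verify(self, phone, password):
        """Check a login; the result is what goes back to the authentication device."""
        record = self._accounts.get(phone)
        if record is None:
            return False
        salt, stored, expires_at = record
        if self._now() >= expires_at:  # validity is enforced at login time as well
            return False
        return hmac.compare_digest(stored, self._hash(password, salt))

    def sweep_expired(self):
        """Delete expired accounts and return them so their sessions go offline."""
        expired = sorted(p for p, rec in self._accounts.items() if self._now() >= rec[2])
        for phone in expired:
            del self._accounts[phone]
        return expired


def demo():
    """Run the flow with a fake clock and a fake SMS gateway (constructed data)."""
    clock = [1_700_000_000.0]
    outbox = []
    store = GuestAccountStore(lambda p, t: outbox.append((p, t)), now=lambda: clock[0])
    store.issue("13800000000")
    password = outbox[0][1].rsplit(" ", 1)[1]  # what the visitor reads from the SMS
    ok = store.verify("13800000000", password)
    wrong = store.verify("13800000000", password + "0")
    clock[0] += ACCOUNT_TTL_SECONDS
    after_expiry = store.verify("13800000000", password)
    return ok, wrong, after_expiry, store.sweep_expired()


if __name__ == "__main__":
    print(demo())
```
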
Specifically, once the authentication system is deployed, all users authenticate with a user name and password to go online. The user name is registered in the system and corresponds to the user's real name, so every record of a user's internet access corresponds to an individual. User registration includes not only the user's real name but also real information such as the user's phone number, address and e-mail.
As a major improvement of the technical solution of this embodiment, the logging module is very thorough in recording user access, and a dedicated database log file can be designed for access records. When the access records exceed capacity, a new access record file is allocated automatically. Access records can be saved either by writing files or by writing to a database, which ensures the integrity and flexibility of the access records.
The storage process of the authentication gateway is: after a user logs in and authenticates successfully, visits websites, and logs out through the page or the client, a login record and access records are generated, and the authentication gateway stores the login record and access records on the designated database server.
Access logs are stored on the hard disk of the database server by writing files. How long they are kept depends on the size of the disk space. As long as the disk space is large enough, a considerable number of log files can be stored and the data is guaranteed not to be lost.
The access records can be queried at any time for: account name, login and access time, current number of online users, total usage time, destination website address visited, destination IP, source IP, MAC address, GET/POST behavior, and so on. Further fields can be added as needed, such as user operating system identifier, switch tag and floor tag.
At present, public security and state security organizations have a great need to query access records, including queries about hacker attacks, reactionary speech and so on, but collecting access records is a very heavy load for an access device at the embedded network egress. With its high performance and high stability, the authentication gateway can collect the complete URL records of user access without affecting the normal access authentication function, which greatly satisfies the needs of campus management.
Embodiment two
As shown in Fig. 2, the online monitoring module is provided with an online user monitoring subsystem, an online status monitoring subsystem, a firewall, an IDS, an information security audit system, a forced-offline system and an information publishing system; the online user monitoring subsystem is electrically connected respectively to the online status monitoring subsystem, the firewall, the information security audit system and the firewall; the firewall is electrically connected to the IDS; the information security audit system is electrically connected to the forced-offline system; the forced-offline system is electrically connected to the information publishing system.
Specifically, as shown in Figs. 5-8, the system provides a complete online user monitoring subsystem that can monitor a user's online status in real time, including details such as daily and monthly online duration, daily and monthly upstream and downstream traffic, number of packets sent and received, number of TCP connections, source IP and source MAC. The authentication system's online user monitoring and management system can be interfaced with the IDS, the firewall, the information security audit system and so on, and maps the detection information collected by these devices to the system's user accounts in real time, giving the network administrator complete real-time information about users' online behavior. For illegitimate users, the online user monitoring and management system can force the user offline, publish notices and so on. This allows the school's network administrators to locate the source of a problem quickly and control users in real time, making network management more timely, operable and accurate.
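The mapping of IDS or firewall detections to user accounts described above depends on knowing which account held a source IP at the time of the alert, because addresses are reused by successive users. The following is an added example, not code from the patent; the record layout, the function names, the alert signature labels and the three-alert threshold for forcing a user offline are assumptions, and the sample sessions and alerts are constructed.

```python
from bisect import bisect_right
from collections import Counter
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Session:
    account: str
    source_ip: str
    mac: str
    login: int             # epoch seconds
    logout: Optional[int]  # None while the user is still online


class SessionIndex:
    """Answers 'which account held this IP at this time?' from login records."""

    def __init__(self, sessions):
        self._by_ip = {}
        for s in sorted(sessions, key=lambda s: s.login):
            self._by_ip.setdefault(s.source_ip, []).append(s)
        self._logins = {ip: [s.login for s in ss] for ip, ss in self._by_ip.items()}

    def session_at(self, ip, ts):
        logins = self._logins.get(ip)
        if not logins:
            return None
        i = bisect_right(logins, ts) - 1  # latest session that began at or before ts
        if i < 0:
            return None
        s = self._by_ip[ip][i]
        # The same IP is reused by later users, so the time window must match too.
        if s.logout is not None and ts >= s.logout:
            return None
        return s


def attribute_alerts(alerts, index):
    """Map (ts, src_ip, signature) alerts to (signature, account or None)."""
    out = []
    for ts, ip, sig in alerts:
        s = index.session_at(ip, ts)
        out.append((sig, s.account if s else None))
    return out


def accounts_to_force_offline(alerts, index, threshold=3):
    """Online accounts with at least `threshold` attributed alerts (assumed policy)."""
    hits = Counter()
    for ts, ip, _sig in alerts:
        s = index.session_at(ip, ts)
        if s and s.logout is None:
            hits[s.account] += 1
    return sorted(a for a, n in hits.items() if n >= threshold)


# Constructed sample data: one IP address handed to two guests in turn.
SESSIONS = [
    Session("13800000000", "10.20.1.15", "aa:bb:cc:00:00:01", 32400, 36000),
    Session("13900000000", "10.20.1.15", "aa:bb:cc:00:00:02", 37800, None),
    Session("teacher01", "10.20.1.16", "aa:bb:cc:00:00:03", 32400, None),
]
ALERTS = [
    (34200, "10.20.1.15", "port-scan"),
    (36900, "10.20.1.15", "port-scan"),  # falls in the gap between the two sessions
    (38700, "10.20.1.15", "malware-beacon"),
    (39000, "10.20.1.15", "malware-beacon"),
    (39300, "10.20.1.15", "malware-beacon"),
    (39300, "10.20.1.16", "port-scan"),
]

if __name__ == "__main__":
    idx = SessionIndex(SESSIONS)
    for row in attribute_alerts(ALERTS, idx):
        print(row)
    print("force offline:", accounts_to_force_offline(ALERTS, idx))
```

An alert that falls outside every session window stays unattributed rather than being pinned on the previous or next holder of the address.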
Embodiment three
A kind of wireless MAN for education sector, it is wireless that the wireless MAN includes wireless controller AC and Duo Tai
AP is formed;The wireless aps are all carried out unified configuration and management by wireless controller AC;It is characterized in that:The wireless city
Domain net is configured two pieces of wireless controller AC boards by H3C 7506E wireless cores interchanger and forms;The wireless controller AC increases
Add 256 wireless aps mandates.
One as the present embodiment technical solution improves greatly, and the wireless aps carry out long-range PoE by PoE interchangers and supply
Electricity or selection power supplied locally.
Specifically, the architecture has the following advantages:
A. The configuration of a FIT AP is stored on the wireless controller; when the FIT AP starts, it automatically downloads the appropriate device configuration from the wireless controller.
B. A FIT AP must be able to obtain an IP address automatically and to automatically discover a wireless controller it can connect to, and it is insensitive to the network topology between the wireless controller and the FIT AP.
C. The wireless controller supports a configuration agent and a query agent for FIT APs: it passes the user's configuration to the specified FIT AP device and lets the user view the status and statistics of the FIT AP in real time.
D. The wireless controller stores the latest FIT AP software and is responsible for automatically updating FIT AP software.
This new network management interface solves the management problems currently found in medium and large WLAN deployments:
1. The user only needs to create service parameter templates and device parameter templates and set the specified APs to reference them. When a FIT AP starts, the wireless controller issues its configuration according to the pre-configured references, which greatly reduces the user's configuration workload.
2. The user manages FIT APs through the wireless controller acting as an agent, so the network administrator no longer needs to care about the IP addresses of FIT APs. The association between a FIT AP and the wireless controller is completed automatically, and the user no longer needs to intervene in the configuration of the AP.
3. FIT APs encapsulate wireless users' data packets in the data tunnel between the AP and the AC, so the edge network that an AP connects to no longer needs changes to VLAN, ACL or similar configuration to admit wireless users.
4. The wireless controller stores the operating status of the FIT APs it manages and online user statistics, so maintenance personnel only need to log in to the specified wireless controller to view this information. Because the user manages FIT APs through the wireless controller as an agent, changing service policy and security policy settings online no longer requires logging in to the AP devices one by one. Logging in to the specified wireless controller is enough, and the wireless controller automatically pushes the new configuration to the specified FIT APs.
5. The user no longer needs to upgrade the software of AP devices manually one by one. On each restart, an AP automatically compares its currently running version with the version stored on the wireless controller, and if the version stored on the wireless controller is newer, the FIT AP automatically updates its local software.
6. APs no longer store configuration information locally, so if a device is lost there is no security risk arising from loss of its configuration.
Embodiment four
To make the wireless network system solution more feasible for all educational units in the region, the wireless coverage of the main areas was surveyed before implementation, in order to determine the number of APs required in each area to be covered and how they are to be mounted, and so ensure smooth deployment of the wireless network system in each county and city area and its subordinate schools.
Based on the school's wireless coverage requirements and the on-site survey, the placement points and quantities for each floor were designed precisely.
Figure 9 is a schematic diagram of indoor AP placement on a floor of a school.
Specifically, application scenarios: teaching building areas, meeting rooms, digital reading rooms;
Roles: teachers, students;
Terminals: laptops, e-schoolbags (PAD), some mobile phone terminals, some teaching equipment;
AP deployment: wall-mounted or ceiling-mounted in each classroom and corridor;
AP requirements: supports 802.11ac, supports 2.4G/5G dual-band mode, supports spectrum analysis, supports spectrum navigation, supports navigation.
Figure 10 is a schematic diagram of AP placement in a floor corridor of a school.
Specifically, application scenarios: teaching building areas, meeting rooms, digital reading rooms;
Roles: teachers, administrative staff;
Terminals: laptops, e-schoolbags (PAD), some mobile phone terminals, some teaching equipment;
AP deployment: wall-mounted or ceiling-mounted in each classroom and corridor;
AP requirements: supports 802.11ac, supports 2.4G/5G dual-band mode, supports spectrum analysis, supports spectrum navigation, supports navigation.
It should be noted that relational terms such as "first" and "second" are used only to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or order between these entities or operations. Moreover, the terms "comprise", "include" or any other variant are intended to cover non-exclusive inclusion, so that a process, method, article or device comprising a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article or device. Without further limitation, an element defined by the phrase "including a ..." does not exclude the presence of other identical elements in the process, method, article or device that includes the element.
The above are only specific embodiments of the application, enabling those skilled in the art to understand or implement the application. Various modifications to these embodiments will be apparent to those skilled in the art, and the general principles defined herein may be implemented in other embodiments without departing from the spirit or scope of the application. Therefore, the application is not limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
It should be understood that the application is not limited to what has been described above and shown in the drawings, and that various modifications and changes can be made without departing from its scope. The scope of the application is limited only by the appended claims.
Claims (7)
1. A wireless MAN for the education sector, the wireless MAN comprising a wireless controller AC and multiple wireless APs; all of the wireless APs are configured and managed uniformly by the wireless controller AC; characterized in that: the wireless MAN is formed by an H3C 7506E wireless core switch configured with two wireless controller AC boards; the wireless controller AC adds 256 wireless AP licenses.
2. The wireless MAN for the education sector according to claim 1, characterized in that: the wireless APs are powered remotely over PoE by PoE switches, or optionally powered locally.
3. A safety management system for the education sector, characterized in that: the safety management system comprises an identity authentication module, a behaviour management module, a bastion host module, a log recording module and an online monitoring module; the output of the identity authentication module is electrically connected to the input of the behaviour management module, the log recording module and the bastion host module respectively;
the output of the behaviour management module is electrically connected to the bastion host module and the online monitoring module respectively;
the log recording module is electrically connected to the online monitoring module.
4. The safety management system for the education sector according to claim 3, characterized in that: the online monitoring module is provided with an online user monitoring subsystem, an online status monitoring subsystem, a firewall, an IDS, an information security audit system, a forced-offline system and an information publishing system; the online user monitoring subsystem is electrically connected to the online status monitoring subsystem, the firewall and the information security audit system respectively; the firewall is electrically connected to the IDS; the information security audit system is electrically connected to the forced-offline system; the forced-offline system is electrically connected to the information publishing system.
5. The safety management system for the education sector according to claim 3, characterized in that: the workflow of the identity authentication module is:
The user opens a web address, and the authentication device automatically redirects to the home page on the Portal Server;
The user enters a mobile phone number on the home page and clicks the "Get internet account" button;
The Portal Server automatically writes the account and a random password to the database, and the back-end system automatically starts counting the account validity period;
After confirming that the write succeeded, the Portal Server calls the SMS interface to send the internet account and password to the SMS interface module (SMS gateway);
The user's mobile phone receives the internet account and password sent by the SMS gateway;
The user goes online from a WLAN terminal such as a laptop or mobile phone, and the authentication device automatically redirects to the login page of the Portal Server;
The user enters the account and password and clicks log in;
The Portal Server checks the account and password entered by the user against the account in the database;
The Portal Server sends the check result to the authentication device;
After the check succeeds, the user accesses the internet directly;
After the validity period expires, the account automatically goes offline.
6. The safety management system for the education sector according to claim 3, characterized in that: the content recorded by the log recording module includes: account name, login access time, current number of users online, total usage time, target website address accessed, target IP, source IP, MAC address, GET/POST behaviour, user operating system identifier, switch label, floor marker.
7. The safety management system for the education sector according to claim 4, characterized in that: the online status monitored by the online status monitoring subsystem includes: online duration for the current day and month, uplink and downlink traffic for the current day and month, number of packets received and sent, number of TCP connections, source IP, source MAC.
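The temporary-account workflow of claim 5 (write account and random password, start the validity period, send by SMS, verify at login, go offline on expiry) can be sketched as follows. This is an added example, not code from the patent: using the phone number as the account name, the password format, the validity period, the lockout threshold, the hashing scheme and the `send_sms` callable are all assumptions.

```python
import hashlib
import hmac
import secrets
import time

VALIDITY_SECONDS = 4 * 3600   # assumed lifetime; the page gives no figure
MAX_FAILURES = 5              # assumed lockout threshold, not from the page


class PortalAccounts:
    """Temporary internet accounts as a Portal Server could keep them."""

    def __init__(self, send_sms, validity=VALIDITY_SECONDS, clock=time.time):
        self._send_sms = send_sms   # stand-in for the SMS gateway interface
        self._validity = validity
        self._clock = clock
        self._db = {}               # account -> record, stand-in for the database

    @staticmethod
    def _digest(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def issue(self, phone):
        """Write the account, start its validity period, then send the SMS."""
        password = f"{secrets.randbelow(10**8):08d}"   # CSPRNG, 8 digits
        salt = secrets.token_bytes(16)
        self._db[phone] = {
            "salt": salt,
            "digest": self._digest(password, salt),   # plaintext is never stored
            "expires": self._clock() + self._validity,
            "failures": 0,
        }
        self._send_sms(phone, password)   # only after the write succeeded

    def verify(self, account, password):
        """Check a login; unknown, expired or locked accounts always fail."""
        rec = self._db.get(account)
        if rec is None or self._clock() >= rec["expires"]:
            return False
        if rec["failures"] >= MAX_FAILURES:
            return False                  # short numeric codes need a guess limit
        ok = hmac.compare_digest(self._digest(password, rec["salt"]), rec["digest"])
        if not ok:
            rec["failures"] += 1
        return ok

    def sweep(self):
        """Delete expired accounts and return them so sessions can be dropped."""
        now = self._clock()
        expired = sorted(a for a, r in self._db.items() if now >= r["expires"])
        for account in expired:
            del self._db[account]
        return expired
```

The list returned by `sweep()` is what the authentication device would need in order to terminate sessions whose validity period has ended.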
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711426252.0A CN108199869A (en) | 2017-12-26 | 2017-12-26 | For the wireless MAN and its safety management system of education sector |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711426252.0A CN108199869A (en) | 2017-12-26 | 2017-12-26 | For the wireless MAN and its safety management system of education sector |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108199869A true CN108199869A (en) | 2018-06-22 |
Family
ID=62583925
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711426252.0A Pending CN108199869A (en) | 2017-12-26 | 2017-12-26 | For the wireless MAN and its safety management system of education sector |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108199869A (en) |
Patent Citations (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20080089305A1 (en) * | 2006-10-13 | 2008-04-17 | Huawei Technologies Co., Ltd. | System and method for broadband mobile access network |
CN102480759A (en) * | 2010-11-25 | 2012-05-30 | 中兴通讯股份有限公司 | Network-management realizing method and system on basis of fit wireless access point architecture |
CN102427610A (en) * | 2011-12-29 | 2012-04-25 | 陈佳阳 | Wireless router with built-in user management function, system and networking method thereof |
CN103095505A (en) * | 2013-02-05 | 2013-05-08 | 北京傲天动联技术股份有限公司 | Method and system for controlling power supply of power over Ethernet (POE) exchanger port |
CN104080172A (en) * | 2013-03-29 | 2014-10-01 | 上海贝尔股份有限公司 | Method, device and system for WLAN resource management in access network system |
CN104243206A (en) * | 2014-09-03 | 2014-12-24 | 烽火通信科技股份有限公司 | System and method for realizing centralized configuration and management of ONU wireless functions |
CN106161048A (en) * | 2015-03-27 | 2016-11-23 | 深圳市携网科技有限公司 | Audit terminal and the wireless auditing system with this audit terminal |
CN106211217A (en) * | 2015-04-30 | 2016-12-07 | 深圳市商机无限网络科技有限公司 | A kind of WIFI network method for auditing safely, platform |
CN106301822A (en) * | 2015-05-15 | 2017-01-04 | 阿里巴巴集团控股有限公司 | A kind of methods, devices and systems that AP is configured |
CN104918251A (en) * | 2015-06-25 | 2015-09-16 | 马秋平 | Wireless network coverage system |
CN106713362A (en) * | 2017-02-27 | 2017-05-24 | 深圳市携网科技有限公司 | Method for realizing security investigation of WiFi network access |
CN206743559U (en) * | 2017-03-24 | 2017-12-12 | 朗高工程有限公司 | A kind of wireless network covering system for building |
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112003709A (en) * | 2020-07-08 | 2020-11-27 | 唐忠 | Personnel management system for enterprises |
CN112073977A (en) * | 2020-08-25 | 2020-12-11 | 深圳市虹鹏能源科技有限责任公司 | Network control method and device for tunnel |
CN112419825A (en) * | 2020-12-01 | 2021-02-26 | 武威职业学院 | Multimedia accounting teaching device based on AR technique |
CN112419825B (en) * | 2020-12-01 | 2023-04-07 | 武威职业学院 | Multimedia accounting teaching device based on AR technique |
CN114627701A (en) * | 2020-12-10 | 2022-06-14 | 中测科技(广州)有限公司 | Information acquisition teaching method based on virtual reality technology and application system |
CN112788127A (en) * | 2020-12-31 | 2021-05-11 | 神州顶联科技有限公司 | Personnel positioning system and method based on campus wireless network |
CN113067732A (en) * | 2021-03-23 | 2021-07-02 | 北京电信规划设计院有限公司 | Internet access behavior management control method |
CN113067732B (en) * | 2021-03-23 | 2022-08-05 | 北京电信规划设计院有限公司 | Internet access behavior management control method |
CN113347625A (en) * | 2021-06-04 | 2021-09-03 | 广州瀚信通信科技股份有限公司 | Data transmission method and system for smart campus construction based on 5G edge calculation |
CN113347625B (en) * | 2021-06-04 | 2022-11-08 | 广州瀚信通信科技股份有限公司 | Data transmission method and system for smart campus construction based on 5G edge calculation |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | RJ01 | Rejection of invention patent application after publication | Application publication date: 20180622 |